Cisco MDS 9000 Series Configuration Manual page 21

Security Overview
The Cisco MDS 9000 NX-OS software supports advanced security features that provide security within a
Storage Area Network (SAN). These features protect your network against deliberate or unintentional
disruptions from internal or external threats.
This chapter includes the following sections:
•
•
•
•
•
•
•
•
•
•
•
•
FIPS
The Federal Information Processing Standards (FIPS) Publication 140-2, Security Requirements for
Cryptographic Modules, details the U.S. government requirements for cryptographic modules. FIPS 140-2
specifies that a cryptographic module should be a set of hardware, software, firmware, or some combination
that implements cryptographic functions or processes, including cryptographic algorithms and, optionally,
key generation, and is contained within a defined cryptographic boundary. FIPS specifies certain crypto
algorithms as secure, and it also identifies which algorithms should be used if a cryptographic module is to
be called FIPS compliant.
For more information on configuring FIPS, see
FIPS, on page 3
Users and Common Roles, on page 4
RADIUS and TACACS+, on page 4
IP ACLs, on page 4
PKI, on page 5
SSH Services, on page 5
IPsec, on page 5
FC-SP and DHCHAP, on page 5
Port Security, on page 6
Fibre Channel Common Transport Management Server Query, on page 6
Fabric Binding, on page 6
TrustSec Fibre Channel Link Encryption, on page 6
C H A P T E R
Configuring FIPS.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
2
3